23 package com.liferay.portal.security.auth;
24
25 import com.liferay.portal.NoSuchUserException;
26 import com.liferay.portal.SystemException;
27 import com.liferay.portal.kernel.log.Log;
28 import com.liferay.portal.kernel.log.LogFactoryUtil;
29 import com.liferay.portal.kernel.util.ParamUtil;
30 import com.liferay.portal.kernel.util.StringPool;
31 import com.liferay.portal.kernel.util.StringUtil;
32 import com.liferay.portal.kernel.util.Validator;
33 import com.liferay.portal.model.User;
34 import com.liferay.portal.security.ldap.PortalLDAPUtil;
35 import com.liferay.portal.service.UserLocalServiceUtil;
36 import com.liferay.portal.util.PortalUtil;
37 import com.liferay.portal.util.PrefsPropsUtil;
38 import com.liferay.portal.util.PropsKeys;
39 import com.liferay.portal.util.PropsValues;
40
41 import edu.yale.its.tp.cas.client.filter.CASFilter;
42
43 import javax.naming.Binding;
44 import javax.naming.NamingEnumeration;
45 import javax.naming.directory.Attributes;
46 import javax.naming.directory.SearchControls;
47 import javax.naming.directory.SearchResult;
48 import javax.naming.ldap.LdapContext;
49
50 import javax.servlet.http.HttpServletRequest;
51 import javax.servlet.http.HttpServletResponse;
52 import javax.servlet.http.HttpSession;
53
54
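public class CASAutoLogin implements AutoLogin {

	/**
	 * Builds the auto-login credentials for the user that the CAS filter has
	 * already authenticated in the current session.
	 *
	 * <p>Returns <code>null</code> (no auto-login) when CAS authentication is
	 * disabled for the company, when the session carries no CAS user, or when
	 * the user cannot be resolved; every other failure is logged and also
	 * yields <code>null</code>. The returned array holds the user id, the
	 * stored password and the literal <code>"true"</code>, as expected by the
	 * {@link AutoLogin} contract.</p>
	 *
	 * @param request the current request; its session is expected to carry
	 *        the screen name stored by {@link CASFilter}
	 * @param response the current response (not used)
	 * @return the credentials triple, or <code>null</code> when no auto-login
	 *         should take place
	 * @throws AutoLoginException declared by the interface; not thrown here
	 */
	public String[] login(
			HttpServletRequest request, HttpServletResponse response)
		throws AutoLoginException {

		try {
			long companyId = PortalUtil.getCompanyId(request);

			if (!PrefsPropsUtil.getBoolean(
					companyId, PropsKeys.CAS_AUTH_ENABLED,
					PropsValues.CAS_AUTH_ENABLED)) {

				return null;
			}

			HttpSession session = request.getSession();

			// The CAS filter stores the authenticated principal under this
			// key; without it the request was not authenticated by CAS.

			String screenName = (String)session.getAttribute(
				CASFilter.CAS_FILTER_USER);

			if (Validator.isNull(screenName)) {
				return null;
			}

			User user = null;

			if (PrefsPropsUtil.getBoolean(
					companyId, PropsKeys.CAS_IMPORT_FROM_LDAP,
					PropsValues.CAS_IMPORT_FROM_LDAP)) {

				try {
					user = importLDAPUser(companyId, screenName);
				}
				catch (SystemException se) {

					// The LDAP import is best effort: fall back to the user
					// that already exists in the portal database. The cause
					// has already been logged at warn level by
					// importLDAPUser, so only a debug trace is added here.

					if (_log.isDebugEnabled()) {
						_log.debug(
							"Unable to import user " + screenName +
								" from LDAP, falling back to the portal " +
									"database",
							se);
					}
				}
			}

			if (user == null) {
				user = UserLocalServiceUtil.getUserByScreenName(
					companyId, screenName);
			}

			// The redirect target is passed through unchanged; presumably the
			// consumer of AUTO_LOGIN_REDIRECT validates that it is a local
			// URL — confirm.

			String redirect = ParamUtil.getString(request, "redirect");

			if (Validator.isNotNull(redirect)) {
				request.setAttribute(AutoLogin.AUTO_LOGIN_REDIRECT, redirect);
			}

			return new String[] {
				String.valueOf(user.getUserId()), user.getPassword(),
				Boolean.TRUE.toString()
			};
		}
		catch (Exception e) {
			_log.error(e, e);
		}

		return null;
	}

	/**
	 * Imports the user from LDAP. Kept for callers of the older name; it
	 * simply delegates to {@link #importLDAPUser(long, String)}.
	 *
	 * @param companyId the company whose LDAP settings are used
	 * @param screenName the screen name to look up
	 * @return the imported user
	 * @throws Exception see {@link #importLDAPUser(long, String)}
	 */
	protected User addUser(long companyId, String screenName)
		throws Exception {

		return importLDAPUser(companyId, screenName);
	}

	/**
	 * Looks the user up in the company's LDAP directory and imports it into
	 * the portal.
	 *
	 * <p>The configured search filter has its <code>@company_id@</code>,
	 * <code>@email_address@</code> and <code>@screen_name@</code> tokens
	 * substituted. The screen name is escaped per RFC 4515 before it is
	 * substituted, so that filter metacharacters in it can only match
	 * literally and cannot alter the structure of the search.</p>
	 *
	 * @param companyId the company whose LDAP settings are used
	 * @param screenName the screen name asserted by CAS
	 * @return the imported user
	 * @throws SystemException if the directory cannot be bound, the search
	 *         fails, or no entry matches; the underlying exception is logged
	 *         and kept as the cause
	 * @throws Exception if closing the LDAP context fails
	 */
	protected User importLDAPUser(long companyId, String screenName)
		throws Exception {

		LdapContext ctx = null;

		try {
			String baseDN = PrefsPropsUtil.getString(
				companyId, PropsKeys.LDAP_BASE_DN);

			ctx = PortalLDAPUtil.getContext(companyId);

			if (ctx == null) {
				throw new SystemException("Failed to bind to the LDAP server");
			}

			String filter = PrefsPropsUtil.getString(
				companyId, PropsKeys.LDAP_AUTH_SEARCH_FILTER);

			if (_log.isDebugEnabled()) {
				_log.debug("Search filter before transformation " + filter);
			}

			// Only the screen name is externally supplied; the company id is
			// numeric and the email address token is blanked out.

			filter = StringUtil.replace(
				filter,
				new String[] {
					"@company_id@", "@email_address@", "@screen_name@"
				},
				new String[] {
					String.valueOf(companyId), StringPool.BLANK,
					_escapeLDAPFilterValue(screenName)
				});

			if (_log.isDebugEnabled()) {
				_log.debug("Search filter after transformation " + filter);
			}

			// At most one entry is needed; no size or time limit beyond that.

			SearchControls cons = new SearchControls(
				SearchControls.SUBTREE_SCOPE, 1, 0, null, false, false);

			NamingEnumeration<SearchResult> enu = ctx.search(
				baseDN, filter, cons);

			if (!enu.hasMoreElements()) {

				// Rewrapped below as a SystemException so that callers only
				// have to handle one failure type from this method.

				throw new NoSuchUserException(
					"User " + screenName + " was not found in the LDAP server");
			}

			if (_log.isDebugEnabled()) {
				_log.debug("Search filter returned at least one result");
			}

			Binding binding = enu.nextElement();

			Attributes attrs = PortalLDAPUtil.getUserAttributes(
				companyId, ctx,
				PortalLDAPUtil.getNameInNamespace(companyId, binding));

			return PortalLDAPUtil.importLDAPUser(
				companyId, ctx, attrs, StringPool.BLANK, true);
		}
		catch (Exception e) {
			if (_log.isWarnEnabled()) {
				_log.warn("Problem accessing LDAP server " + e.getMessage());
			}

			if (_log.isDebugEnabled()) {
				_log.debug(e, e);
			}

			throw new SystemException(
				"Problem accessing LDAP server " + e.getMessage(), e);
		}
		finally {
			if (ctx != null) {
				ctx.close();
			}
		}
	}

	/**
	 * Escapes a value for use inside an LDAP search filter (RFC 4515) so that
	 * the filter metacharacters <code>\ * ( )</code> and NUL are matched
	 * literally instead of being interpreted.
	 *
	 * @param value the raw value to embed in a filter
	 * @return the escaped value
	 */
	private static String _escapeLDAPFilterValue(String value) {
		StringBuilder sb = new StringBuilder(value.length());

		for (int i = 0; i < value.length(); i++) {
			char c = value.charAt(i);

			switch (c) {
				case '\\':
					sb.append("\\5c");
					break;
				case '*':
					sb.append("\\2a");
					break;
				case '(':
					sb.append("\\28");
					break;
				case ')':
					sb.append("\\29");
					break;
				case '\0':
					sb.append("\\00");
					break;
				default:
					sb.append(c);
			}
		}

		return sb.toString();
	}

	private static final Log _log = LogFactoryUtil.getLog(CASAutoLogin.class);

}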